Report: IoT Malware Attacks Against Routers On The Rise

SonicWall says IoT malware attacks rose by 6% in 2021 and mainly affected routers, but they may be leveling off.

Although ransomware ran rampant last year, IoT malware attacks continue to be a significant threat as the number of connected devices grows, according to a new report from SonicWall.

The company’s 2022 Cyber Threat Report finds that ransomware attacks more than doubled last year, but IoT malware threats also continued to climb, hitting 60.1 million such attacks in 2021, the highest number ever recorded by the company in a single year.

March was the most active month for IoT malware, resulting in 6.8 million instances, the report says. For the year, IoT malware climbed 6%, although that is a much smaller increase than the 218% and 66% increases seen in 2019 and 2020, respectively, suggesting that IoT attacks may be leveling off.

Even as new and more powerful IoT devices continue to hit the market, SonicWall says the most frequently attacked devices in 2021 were routers, followed by cameras/NVRs. As of December 2021, SonicWall says it has 269 signatures protecting more than 96 IoT devices from various threats. Those devices include routers from NETGEAR, D-Link and others, per the report.

The company’s report also finds that ransomware volume has exploded since before the pandemic, rising 232% since 2019. That ransomware increase is largely seen in the U.S. and U.K., where ransomware climbed 98% and 227%, respectively.

According to SonicWall’s report, there were nearly 20 ransomware attempts every second, representing an average of 2,170 ransomware attempts per customer.

The first half of 2021 saw 304.7 million attempts, more than all of 2020. However, the second half was even worse, with 318.6 million attempts—despite a notable decline in the fourth quarter.

The U.S. remains far and away the most targeted country, recording 421.5 million ransomware attempts in 2021.

The report also explores how quickly the ransomware ecosystem is growing, with SonicWall Capture Labs researchers recording hits from about 1,000 different ransomware signatures and more than 300 ransomware families over the course of last year.

However, just three families made up more than 62% of all ransomware in 2021: Ryuk, SamSam and Cerber.

Increases were also seen across targeted industries, with government reporting the largest such increase in ransomware attempts at a staggering 1,885%. Healthcare wasn’t too far behind, reporting a 755% increase in ransomware. Education and retail reported increases of 152% and 21%, respectively.

Malware was slightly down in 2021, marking a third straight year of decreases and a seven-year low in malware, but the second half of 2021 marked an uptick that almost completely erased the 22% drop in malware recorded at the mid-year point, SonicWall’s report says.

That decrease was just 4%, suggesting that malware numbers may rebound in 2022, according to the report.

While the ransomware and other malware increases reported by SonicWall are alarming, so are the vectors that threat actors are quickly exploiting, including the Log4j vulnerabilities that were exploited in droves as the IT ecosystem was caught off guard by a critical security bug in one of the most used software tools.

The report says threat actors attempted to exploit the Log4j flaws 142.2 million times between Dec. 11, 2021 and the end of last month, with a daily average of 2.7 million exploit attempts.

Encrypted attacks sent over HTTPS are also on the rise, increasing by 167% last year and almost making up as many as 2018, 2019 and 2020 combined, SonicWall reports.

“Cyberattacks become more attractive and potentially more disastrous as dependence on information technology increases,” says SonicWall President and CEO Bill Conner. “Securing information in a boundless world is a near impossible and thankless job, especially as the boundaries of organizations are ever-expanding to limitless endpoints and networks.”